<?php
/**
* File for the InputFilterTest class
*
* (PHP 5)
*
* @package PHPonTraxTest
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @copyright (c) Walter O. Haas 2006
* @version $Id$
* @author Walt Haas <hide@address.com>
*/
// Progress marker so the combined test output shows which file is running.
print "testing InputFilter\n";
// Loaded before the framework includes; presumably prepares the test
// environment (include path etc.) -- confirm against testenv.php.
require_once 'testenv.php';
// When this file is executed directly nothing has claimed the PHPUnit2 main
// method yet, so claim it for InputFilterTest::main().
defined('PHPUnit2_MAIN_METHOD')
    || define('PHPUnit2_MAIN_METHOD', 'InputFilterTest::main');
require_once 'PHPUnit2/Framework/TestCase.php';
require_once 'PHPUnit2/Framework/TestSuite.php';
// Only needed while some tests still report themselves as incomplete.
require_once 'PHPUnit2/Framework/IncompleteTestError.php';
// The class under test.
require_once 'input_filter.php';
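/**
 * Test class for InputFilter.
 * Generated by PHPUnit2_Util_Skeleton on 2006-02-28 at 11:52:31.
 *
 * Every assertion passes the expected value first and the value under test
 * second, which is the order PHPUnit's assertEquals() reports them in.
 *
 * The tests configure the filter with "@new InputFilter(...)" and then call
 * the static methods; the constructed object is discarded, so the settings
 * are presumably held in class-level state (confirm in input_filter.php).
 * Constructor arguments, as exercised below, are:
 * (tag list, attribute list, tagMethod, attrMethod, xssAuto).
 */
class InputFilterTest extends PHPUnit2_Framework_TestCase {

    /**
     * Runs the test methods of this class.
     *
     * @access public
     * @static
     */
    public static function main() {
        require_once "PHPUnit2/TextUI/TestRunner.php";
        PHPUnit2_TextUI_TestRunner::run(
            new PHPUnit2_Framework_TestSuite("InputFilterTest"));
    }

    /**
     * Called before each test; this fixture needs no setup.
     *
     * @access protected
     */
    protected function setUp() {
    }

    /**
     * Called after each test; this fixture needs no teardown.
     *
     * @access protected
     */
    protected function tearDown() {
    }

    /**
     * Test the process() method under each filter configuration.
     *
     * NOTE(review): all inputs here are well-formed tags. Malformed, nested
     * or entity-encoded markup is not exercised, so a passing run says
     * nothing about how the filter treats such input.
     */
    public function testProcess() {
        // Default configuration: plain text and arrays of plain text pass
        // through unchanged.
        // The "@" silences any diagnostics the constructor emits; the reason
        // is not visible in this file.
        @new InputFilter();
        $this->assertEquals('foo', InputFilter::process('foo'));
        $this->assertEquals(array('foo', 'bar'),
                            InputFilter::process(array('foo', 'bar')));

        // Default configuration removes all tags but keeps their content
        $this->assertEquals('foobar',
                            InputFilter::process('<ok>foobar</ok>'));

        // Allow everything except the filter's built-in blacklist
        @new InputFilter(array(), array(), 1, 1, 1);
        // Irregular tag names are always filtered out
        $this->assertEquals('foobarmumble',
                            InputFilter::process('foo<#$>bar</#$>mumble'));
        // xssAuto=1 filters blacklisted tags and attributes
        $this->assertEquals('foobar',
                            InputFilter::process('<body>foobar</body>'));
        $this->assertEquals('<ok>foobar</ok>',
                            InputFilter::process('<ok action="yes">foobar</ok>'));

        // With xssAuto off the same blacklisted tag and attribute survive.
        // This pins down that deny-list mode without xssAuto leaves them in
        // place, so it is not a configuration to rely on for untrusted input.
        @new InputFilter(array(), array(), 1, 1, 0);
        $this->assertEquals('<body>foobar</body>',
                            InputFilter::process('<body>foobar</body>'));
        $this->assertEquals('<ok action="yes">foobar</ok>',
                            InputFilter::process('<ok action="yes">foobar</ok>'));

        // tagMethod=1 permits all but listed tags
        @new InputFilter(array('foo'), array(), 1, 1, 0);
        $this->assertEquals(
            'mumble<bar>grumble</bar>',
            InputFilter::process('<foo>mumble</foo><bar>grumble</bar>'));

        // tagMethod=0 permits only listed tags
        @new InputFilter(array('foo'), array(), 0, 1, 0);
        $this->assertEquals(
            '<foo>mumble</foo>grumble',
            InputFilter::process('<foo>mumble</foo><bar>grumble</bar>'));

        // attrMethod=1 permits all but listed attributes
        @new InputFilter(array(), array('dangerous'), 1, 1, 0);
        $this->assertEquals(
            '<foo safe="1">mumble</foo>',
            InputFilter::process('<foo safe="1" dangerous="1">mumble</foo>'));

        // attrMethod=0 permits only listed attributes
        @new InputFilter(array(), array('dangerous'), 1, 0, 0);
        $this->assertEquals(
            '<foo dangerous="1">mumble</foo>',
            InputFilter::process('<foo safe="1" dangerous="1">mumble</foo>'));

        // Allow-list for both tags and attributes: only known safe names
        // survive, everything else is stripped down to its text content.
        @new InputFilter(array('div', 'span', 'strong', 'em'),
                         array('id', 'class'), 0, 0, 0);
        $this->assertEquals(
            'mumble<span class="error">grumble</span>burfl',
            InputFilter::process(
                '<body class="full">mumble<span class="error" color="red">'
                .'grumble</span>burfl</body>'));
    }

    /**
     * Test process_all() method
     *
     * process_all() rewrites $_GET, $_POST and $_REQUEST in place. The real
     * arrays are saved and put back before asserting so the fixtures do not
     * leak into tests that run later in the same process.
     *
     * Stripping tags from request data on the way in is not a replacement
     * for escaping values for their output context.
     */
    public function testProcess_all() {
        $saved_get = $_GET;
        $saved_post = $_POST;
        $saved_request = $_REQUEST;

        $_GET = array('<tag1>foo</tag1>');
        $_POST = array('<tag2>bar</tag2>');
        $_REQUEST = array('<tag3>mumble</tag3>');
        // Filter configuration is whatever an earlier test left behind; the
        // expectations below assume it removes all tags.
        InputFilter::process_all();

        $filtered_get = $_GET;
        $filtered_post = $_POST;
        $filtered_request = $_REQUEST;
        $_GET = $saved_get;
        $_POST = $saved_post;
        $_REQUEST = $saved_request;

        $this->assertEquals(array('foo'), $filtered_get);
        $this->assertEquals(array('bar'), $filtered_post);
        $this->assertEquals(array('mumble'), $filtered_request);
    }

    /**
     * Test safeSQL()
     *
     * Needs a MySQL server reachable with the php.ini default credentials,
     * because mysql_connect() is called without arguments. The test always
     * finishes by reporting itself as incomplete.
     *
     * The mysql_* functions were removed in PHP 7.0 and
     * get_magic_quotes_gpc() in PHP 8.0, so this test only runs on the
     * PHP 5 line the file targets.
     *
     * @todo Figure out problem w/ mysql_real_escape_string()
     * @todo Figure out how to test with magic quotes either on or off
     */
    public function testSafeSQL() {
        $rs = mysql_connect();
        if ($rs === false) {
            PHPUnit2_Framework_Assert::fail("InputFilterTest:"
                                            ." unable to open a connction to MySQL");
        }

        // Trivial case, nothing to clean
        $this->assertEquals('foo', InputFilter::safeSQL('foo', $rs));
        $this->assertEquals(array('foo', 'bar'),
                            InputFilter::safeSQL(array('foo', 'bar'), $rs));

        if (get_magic_quotes_gpc()) {
            // verify stripping of magic quotes
            // FIXME: figure out how to test this case
            // Input and expected value are the same literal for now.
            $this->assertEquals(
                'a\\\'b\\"c\\\\d\\\x00e\\\nf\\\rg\\\x1a',
                InputFilter::safeSQL('a\\\'b\\"c\\\\d\\\x00e\\\nf\\\rg\\\x1a', $rs));
        }
        else {
            // verify magic quotes aren't there
            // These fixtures are only referenced by the disabled assertions
            // below and are kept for when the test is completed.
            // NOTE(review): MySQL documents the escaped forms of NUL, LF, CR
            // and Ctrl-Z as backslash + '0', 'n', 'r', 'Z'. The expected
            // strings here use backslash + the raw byte, and $quoted_pattern
            // has no NUL at all, which is probably why the comparison with
            // mysql_real_escape_string() failed -- confirm before enabling.
            $pattern = "a'b\"c\\d\x00e\nf\rg\x1ah";
            $non_zero_pattern = "a'b\"c\\de\nf\rg\x1ah";
            $quoted_pattern = "a\\'b\\\"c\\\\de\\\nf\\\rg\\\x1ah";
            $quoted_non_zero_pattern = "a\\'b\\\"c\\\\de\\\nf\\\rg\\\x1ah";
            // echo "\nIf this fails it means mysql_real_escape_string() is broken: ";
            // $this->assertEquals($quoted_non_zero_pattern,
            //     mysql_real_escape_string($non_zero_pattern));
            // echo "\nIf this fails it means mysql_real_escape_string() is broken: ";
            // $this->assertEquals($quoted_pattern,
            //     mysql_real_escape_string($pattern));
            // $this->assertEquals(
            //     $quoted_pattern, InputFilter::safeSQL($pattern, $rs));
        }

        // Remove the following line when you complete this test.
        throw new PHPUnit2_Framework_IncompleteTestError;
    }
}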
// Run the suite only when this file is the one that claimed the PHPUnit2
// main method, i.e. it was executed directly.
if ("InputFilterTest::main" == PHPUnit2_MAIN_METHOD) {
    InputFilterTest::main();
}
// -- set Emacs parameters --
// Local variables:
// tab-width: 4
// c-basic-offset: 4
// c-hanging-comment-ender-p: nil
// indent-tabs-mode: nil
// End:
?>